Let’s say you want to forward a port to another host that has its own external (public-facing) IP, like yours. This is how you would do that:

# Example values only; replace them with the port you are forwarding and
# the other host's public IP.
port=8080
ip=203.0.113.10

# nat table: log the incoming connection, rewrite its destination to the other
# host, and masquerade it so the replies come back through this box.
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $port -j LOG --log-prefix="PreRouting $port..:"
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $port -j DNAT --to $ip:$port
sudo iptables -t nat -A POSTROUTING -j MASQUERADE

# filter table: let the forwarded packets and their replies through FORWARD.
# Both directions enter and leave on eth0, so -i and -o are the same interface.
sudo iptables -A FORWARD -p tcp -i eth0 -o eth0 -s $ip --sport $port -j LOG --log-prefix="S Forward $port.."
sudo iptables -A FORWARD -p tcp -i eth0 -o eth0 -s $ip --sport $port -j ACCEPT
sudo iptables -A FORWARD -p tcp -i eth0 -o eth0 -d $ip --dport $port -j LOG --log-prefix="D Forward $port.."
sudo iptables -A FORWARD -p tcp -i eth0 -o eth0 -d $ip --dport $port -j ACCEPT

That’s about it. Oh, and there is one setting you have to enable on your network stack, or the kernel will not forward anything:

sudo sysctl -w net.ipv4.ip_forward=1

This works in a default-DENY iptables setup, so if you have already used my default-DENY iptables firewall with auto-updating blacklist, these rules will work alongside it.
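The same rule set, wrapped in a small script that can be reviewed in dry-run mode before it touches the firewall. This is an added example, not code from the original post; the port, IP and interface values are constructed placeholders. It departs from the post in three places, all as hardening choices: MASQUERADE is limited to the forwarded flow instead of every packet leaving the box, the return direction is matched by conntrack state rather than a bare --sport match (which any host could spoof), and the LOG rules are rate-limited so a port scan cannot flood syslog.

```shell
#!/bin/sh
# Added example, not from the original post: wraps the post's DNAT/forward
# rule set in a reviewable script. PORT, IP and IFACE arguments below are
# constructed placeholders.

# Accept only a numeric TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the commands that forward TCP port $1 to host $2 via interface $3.
# MASQUERADE is restricted to the forwarded flow, replies are matched by
# conntrack state, and LOG is rate-limited.
build_rules() {
    port="$1"; ip="$2"; iface="$3"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port -m limit --limit 5/min -j LOG --log-prefix "PreRouting $port: "
iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port -j DNAT --to-destination $ip:$port
iptables -t nat -A POSTROUTING -o $iface -p tcp -d $ip --dport $port -j MASQUERADE
iptables -A FORWARD -i $iface -o $iface -p tcp -d $ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $iface -o $iface -p tcp -s $ip --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Number of iptables rules build_rules emits (the sysctl line excluded).
rule_count() {
    build_rules "$@" | grep -c '^iptables'
}

# Return 0 when IP forwarding is on, reading the sysctl file given as $1
# (defaults to the live kernel value).
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Print the rules when DRY_RUN=1; otherwise apply them with sudo, stopping
# at the first command that fails.
apply_rules() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        build_rules "$@"
    else
        build_rules "$@" | sed 's/^/sudo /' | sh -e
    fi
}

# Usage: DRY_RUN=1 apply_rules 8080 203.0.113.10 eth0
```

Two things worth knowing before relying on this in production. `sysctl -w` is not persistent, so the forwarding flag is lost at reboot unless it is also written to /etc/sysctl.conf or a file under /etc/sysctl.d. And because the flow is masqueraded, the target host sees every forwarded connection as coming from this box's IP, so its own logs and firewall can no longer tell the original clients apart; keep the PREROUTING LOG line, since it is the only record of the real source address.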
